Lucene search
PRIOn knowledge basePRION:CVE-2023-25806HistoryMar 02, 2023 - 4:15 a.m.
Authorization
2023-03-0204:15:00
PRIOn knowledge base
www.prio-n.com
7
opensearch security
encryption
authentication
authorization
discrepancy
response time
user
basic identity provider
patches
versions
nvd
0.001 Low
EPSS
Percentile
25.3%
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensearch | ge | 2.0.0 | |
| opensearch | lt | 2.6.0 | |
| opensearch | lt | 1.3.9 | |
| opensearch_security | ge | 2.0.0 | |
| opensearch_security | lt | 2.6.0 | |
| opensearch_security | lt | 1.3.9 |
Related
osv
osv
OpenSearch has time discrepancy in authentication responses
2023-03-07 17:38:38
CVE-2023-25806
2023-03-02 04:15:10
cve
cve
CVE-2023-25806
2023-03-02 04:15:10
cvelist
cvelist
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
2023-03-02 03:04:26
nvd
nvd
CVE-2023-25806
2023-03-02 04:15:10
github
github
OpenSearch has time discrepancy in authentication responses
2023-03-07 17:38:38